First Take: Privacy in the Federal Automated Vehicles Policy


Connected Cars

In the federal guidance for autonomous vehicles issued yesterday, the Department of Transportation and the National Highway Traffic Safety Administration have wisely recognized that privacy will play a key role in promoting trust in connected vehicles. This guidance and its emphasis on privacy is an important first step in building that trust.

The highly-anticipated federal guidance calls for companies to complete annual 15-point safety assessments, and outlines model state policies and regulatory tools that will enable adoption of autonomous vehicles on U.S. roads. As FPF has highlighted previously, new vehicle technologies have the potential to greatly reduce motor vehicle deaths while increasing overall safety and convenience—94% of the 35,000 motor vehicles deaths annually are caused by human error, many of which could be prevented by new accident-avoidance technologies. These life-saving technologies increasingly rely on the new types of data and sensors built into connected cars.

The DOT guidance calls for entities involved in manufacture, design, testing or sale of highly automated vehicle systems in the United States to submit a safety assessment letter that outlines their adherence to the guidelines on 15 specific topics, including privacy and cybersecurity. The letters should be issued at least four months before active public road testing begins on a new automated feature, and again after significant updates. The assessments will initially serve as an optional exercise, but the agencies indicated that they may become mandatory after a public comment period kicked off by yesterday’s guidance and a potential future rulemaking.

The core privacy component of the guidance highlights privacy principles set forward in the White House Consumer Privacy Bill of Rights (CPBR) and the Alliance of Automobile Manufacturers and Global Automakers’ Privacy Principles. It calls for manufacturers, as well as other entities, to take steps to protect consumer privacy by focusing on the Fair Information Privacy Principles of transparency; choice; respect for context; data minimization, de-identification and retention; security; integrity and access; and accountability. The specific application of these concepts for satisfactory completion of the safety assessments will be negotiated in the public comment and review periods to come.

Unlike other aspects of the assessment, privacy is a focus for vehicles operating with lower levels of automation; not just for Highly Automated Vehicles. Much of the document only applies to levels 3-5 of autonomy, but the “Cross-Cutting Areas of Guidance” under which the core privacy sections of the document fall apply to all connected vehicles. While more highly automated vehicles must rely more on data than others, cars of all automation levels increasingly incorporate new data-reliant technologies.

Data sharing is also a core component of the guidance, based on the understanding that safety and product improvements may be best achieved through sharing de-identified vehicle data among industry and regulators. The document also makes clear that NHTSA and the DOT increasingly see themselves relying on new vehicle data to implement their safety and oversight missions, through either special or general authority, and potentially by calling for enhanced data collection tools such as enhanced data recorders (EDRs).

The call for de-identification in data sharing leads the DOT to articulate its reliance on the definition of “personal data” in the Consumer Privacy Bill of Rights, as “data that are under the control of a covered entity, not otherwise generally available to the public through lawful means, and are linked, or as a practicable matter linkable by the covered entity, to a specific individual, or linked to a device that is associated with or routinely used by an individual” (emphasis added). Linkability to an individual is considered key, as the guidance cites both the “as a practical matter linkable” standard from the CPBR and the “reasonably linkable” standard set forth by the FTC. This definition is discussed in a footnote under the “Data Recording and Sharing Section.” Although the definition does not appear in the privacy section, this standard may represent the DOT’s current operational definition of “personal data.”

A future in which new kinds of mobility will expand transportation opportunities for all segments of society will depend on broad collection and use of data to ensure maximum safety and convenience for consumers. This framework certainly allows that use, and creates accountability guidelines that ensure data drives benefits for consumers and society. We look forward to being engaged in the comment and expert-driven processes to refine and implement this guidance.